Creating Bandwidth Shaping Policies

Note: This topic applies to the Hearst Release.

Shaping policies determine the bandwidth allocated to a number of applications. Each shaping policy is allocated a maximum incoming and outgoing bandwidth level, and a number of applications to share that allocation.

You can use a weighting system to provide a level of preferred access to network bandwidth, for different applications. For example:



Hotels artificially restricting video services over a free WiFi connection to encourage customers to use the premium service



Businesses prioritizing VoIP traffic over video streaming

Applications, and application groups, can be given relative weights on a defined scale. When there is contention for bandwidth within a class, relative weighting is used to proportionately allocate bandwidth for the specified applications. A single application’s weighting is calculated as a proportion of the total weighting for all applications, or application groups, for that shaping policy. The total share for a class does not depend upon which applications are in use.

Bandwidth shaping rules are applied before application weighting. Weighting is only used as a fairness measure when traffic exceeds the available bandwidth for that class.

In addition to using an application weighting, you can also configure a cap on the bandwidth available for each application or application group. This can be used to provide an absolute restriction on particular services.

Business — The Business policy defines bandwidth application slices and caps for the following services relevant for a corporate environment:

•

All Collaboration services, such as, SharePoint and WebEx

•

All Mail services, such as Exchange and POP3

•

Remote access services, such as remote desktop connections, and VPN/Tunneling services, such as OpenVPN

This configuration gives priority to home working services. If there is excessive demand, Collaboration services receive half the allocation of Remote Access services, and Mail services receive half again. The Mail services slice is smaller as email packets tend to be small and non-interactive. All other services receive the same priority as home working services.



Control video streaming — This policy defines bandwidth application slices and caps for the following services typically relevant for a video streaming environment:

•

Google Videos™, Hulu, NetFlix, RTMP, SHOUTcast

This configuration gives priority to all other traffic. If there is excessive demand on bandwidth, named video streaming services receive one tenth of the available bandwidth compared to all others.



Default — This is the “catch-all” policy for those services that are not allocated to another bandwidth shaping policy. All traffic is treated fairly.

If there is excessive demand on bandwidth, this configuration provides a dedicated slice of bandwidth to specified services to avoid VoIP latency.

The pre-defined policies listed above are defined according to function, and can be altered to suit your own operational needs. However, you can create policies based on a single application, single application group, or a mixture of the above to suit a particular subnet. For example, a school may choose to create a policy which lists all individual applications that need to have restricted bandwidth which accessed from a classroom, and an additional policy that has less restrictive bandwidth for the same applications when accessed from a recreational area. For more information, see Assigning Application Slices.

Shaping policies determine the amount of bandwidth that may be used by specified applications. Additionally, you can prioritize bandwidth for specific applications, or application groups. You do this by slicing up the allocated bandwidth, according to the relative importance of the application. You can also apply an additional cap to the amount of bandwidth used by that application.

Before configuring application slices, it may be useful to the consider the following:



By configuring an application slice, you are saying that you want to control traffic from specified applications, and application groups.



Applications not specified are not prevented from using bandwidth. The amount of bandwidth is relative to previously specified applications.



Relative weight refers to the relative importance of that application, or application group, specified as an integer between 1 and 100. It may be useful to configure the first application of that slice with a Relative weight of 10, then base other applications and weights around that. For example, if you configure a second slice with a weight of 20, you are saying that applications from slice two receive two times as much bandwidth than those in slice one.

These slices are only used as a prioritization method when available bandwidth for that class is nearing capacity.

To add an application slice to a Bandwidth shaping policy, do the following:

1.

Go to Bandwidth > Control > Shaping policies.

2.

From the Shaping policies table, click the expand arrow to display the Application slices table.

3.

Click Add new slice.

4.

Configure the following:

•

Status — Leave this checked unless the application slice is not going to be used.

•

Name — Configure a meaningful name for this application slice.

•

Services — Select those relevant services for this application slice. Note that you can select the category name to select all services for that category, rather than selecting each one individually.

•

Incoming relative weight — Configure an incoming bandwidth ratio as an integer between 1 and 100.

•

Incoming cap — Configure an optional cap for the amount of incoming bandwidth used. This is either in kilobits per second (kbps) or megabits per second (Mbps).

•

Outgoing relative weight — Configure an outgoing bandwidth ratio as an integer between 1 and 100.

•

Outgoing cap — Configure an optional cap for the amount of outgoing bandwidth used. This is either in kilobits per second (kbps) or megabits per second (Mbps).

•

Comment — Configure an optional comment for this application slice.

An additional button, Show comments, appears in the Application slices table if any comments are configured. Clicking this shows configured comments under the application slice name.

For example, a class is assigned the pre-defined Business shaping policy:

This class is given a Dynamic sharing type, with 2 megabits per second of incoming, and 2 megabits per second of outgoing bandwidth. The Business shaping policy slices up the 2 megabits per second of bandwidth as follows:



Traffic from Collaboration, Mail, Remote Access, and VPN/Tunneling applications are more important than all other traffic originating from IP addresses assigned to that class.



If traffic for all four application groups was detected originating from IP addresses assigned to the class, bandwidth would be shared as follows:

•

Collaboration applications would receive two times more bandwidth than Mail applications (10 being two times more than 5).

•

Remote Access and VPN/Tunnelling services receive two times more bandwidth than Collaboration applications, and four times more bandwidth than Mail applications.

•

All other traffic would receive a similar share of bandwidth as Remote Access and VPN/Tunnelling services.

If traffic matching only one application slice is present, this would use up the full 2 megabits per second allocation as needed.

The following example is based upon a hotel offering an internet service to guest bedrooms, conference rooms with separate subnets for video conferencing, and VoIP traffic, and public areas such as the lobby.

A single external interface is configured to be shaped, with a total of 5 megabits per second incoming and outgoing bandwidth.

The Default shaping policy has been given a cap of 128 kilobits per second for both incoming and outgoing traffic. An additional shaping policy has been added, Premium Service. Similar to the Default shaping policy, this policy is not for an specific service or application. It is capped at 2 megabits per second for both incoming and outgoing traffic.

The following classes are setup:



Conference Rooms — The Video conference shaping policy is applied to those IP addresses specified in the Conference Rooms class. Applications that are listed in the Video conference policy (see Creating Bandwidth Shaping Policies) are shaped if there is excessive demand on bandwidth.



Conference Rooms (voice) — The Voice over IP shaping policy is applied to those IP addresses specified in the Conference Rooms (voice). Applications that are listed in the Voice over IP policy (see Creating Bandwidth Shaping Policies) are shaped if there is excessive demand on bandwidth.



Guest Suites — The Business shaping policy is applied to those IP addresses specified in the Guest Suites class. Applications that are listed in the Business policy (see Creating Bandwidth Shaping Policies) are shaped if there is excessive demand on bandwidth.



Lobby and Reception — This class uses the Default shaping policy. This has deliberately been set to a low level of bandwidth, to restrict users from using excess bandwidth in public areas.



Lobby and Reception (Premium) — This class uses the Premium shaping policy. This allows a greater share of the bandwidth, without restricting it to any particular service. This is to encourage users in public areas to upgrade to the premium service.



Standard Guest Rooms — The only traffic that is shaped from guest rooms is video streaming, using the Slow video streaming policy. This is to encourage users to use the hotel’s own film and video service.

The above classes are allocated the following bandwidth:



Both conference room types are allocated a guaranteed slice of 2 megabits per second for incoming and outgoing traffic. Note that two conference room classes could be combined as their bandwidth allocations are the same.



Guest suites have a dynamic allocation of 2 megabits per second.



Users in the lobby and reception area are allocated 128 kilobits per second each, unless they upgrade to the Premium Service.



Standard guest rooms have a dynamic allocation of 1 megabit per second.